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1 This action is in response to the communication filed on 3/16/2009. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicant's arguments filed 3/16/2009 have been fully considered but they are not 

5 persuasive. 

6 Regarding the applicants' argument that the header of the packet of Gupta does not 



7 contain "all" of the generated validity information necessary to perform the validity check, the 

8 examiner still does not find this argument persuasive. The applicants' use the language "all 

9 necessary information required for performing a validity check" throughout the specification. In 

10 order to remain consistent with the specification, the examiner has looked to the instant 

1 1 specification in order to interpret the usage of this language, for the purposes of searching and 

12 applying prior art. The specification provides evidence that this limitation means "all necessary 

13 information required for performing a validity check without the checking entity needing to 

14 further communicate with the sending network node", as the specification clearly shows that 

15 the checking node does not require further communication with the sending node in order to 

16 perform the validity checking, but that the checking entity may need to receive additional 

17 information from somewhere (i.e. a certificate authority) in order to perform the validity 

18 checking. As such, if Gupta disclosed that the key was retrieved from the DNS server, or that 

19 the algorithm to perform the verification was known by the verifier, this would still fall within 

20 the scope of the language, in light of the specification. Therefore, the examiner does not find the 

21 argument persuasive. 
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1 Regarding the applicants' argument that Gupta does not disclose that "no pre-established 

2 security association is needed to verify the packet" because the sender has the key before the 

3 verification is performed, the examiner does not find the argument persuasive. The instant 

4 specification paragraph 0054 further states, with regards to the lack of pre-established security 

5 association, that "the nodes do not need to have any pre-established [security association], or 

6 have to exchange key values beforehand". The fact that the keys were generated before the 

7 fingerprint is encrypted at the sender does not mean there was a pre-established security 

8 association between the communicating nodes. In fact, Fig. 7 of Gupta shows that the recipient 

9 node does not necessarily have the key before the communication. Furthermore, the instant 

10 specification paragraph 0004 indicates that a security association is part of IPSec, but Gupta does 

1 1 not disclose the use of IPSec, and that the security association is "a set of policy and key(s) used 

12 to protect information". Gupta does not disclose such security association existing before the 

13 communication. As such, the examiner does not find the argument persuasive. 

14 Regarding the applicants' argument, with respect to previous claim 5 which is now 

15 incorporated into the independent claims, that Gupta did not disclose wherein the algorithm 

16 information comprises values to initialize an algorithm to be used to perform the validity check 

17 of the packet, the examiner does not find the argument persuasive. The applicants appear to 

1 8 believe that the claim language requires that the algorithm itself or an indication of what 

19 algorithm should be used be included in the validity information. However, this is not the case. 

20 Rather, the claim language requires that values to initialize an algorithm be included in the 

21 validity information. To initialize is to assign an initial value. In other words, the claim 

22 requires that an initial value be input to the algorithm. Col. 7 Paragraph 2 clearly shows that the 
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1 encrypted signature is decrypted. In order for this to occur, the encrypted signature must 

2 "initialize" the decryption algorithm. As such, the examiner does not find the argument 

3 persuasive. 

4 Further, rather than claiming what the invention is not, the examiner suggests that the 

5 applicants carefully consider the meets and bounds of their invention, and then carefully 

6 construct positive claim limitations which accurately define that scope. For example, if the 

7 applicants believe that it is important to their invention that the algorithm and key used for 

8 verification is provided in the header of the packet, then the applicants should particularly point 

9 that out in the claim language. 



10 The examiner has maintained the prior art rejections previously set forth. 

1 1 All objections and rejections not set forth below have been withdrawn. 

12 Claims 1,2,4,6-15,18,42-64 and 66-68 have been examined. 

1 3 Information Disclosure Statement 

14 The information disclosure statement(s) (IDS) submitted on 3/16/2009 are in compliance 

15 with the provisions of 37 CFR 1 .97. Accordingly, the examiner is considering the information 

16 disclosure statements. 

17 Claim Objections 

18 Claim 18 is objected to because of the following informalities: Claim 18 has two 

19 terminating periods. Appropriate correction is required. 
20 

2 1 Claim Rejections - 35 USC §102 
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1 The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 

2 basis for the rejections under this section made in this Office action: 

3 A person shall be entitled to a patent unless - 

4 (b) the invention was patented or described in a printed publication in this or a foreign 

5 country or in public use or on sale in this country, more than one year prior to the date of 

6 application for patent in the United States. 
7 

8 Claims 1-2, 6-10, 15, 18, 42-43, 45-49, 54-56, 58-60, and 62-64, and 66-68 are rejected 

9 under 35 U.S.C. 102(b) as being anticipated by Gupta et al. (US Patent Number 6,389,532) 

1 0 hereinafter referred to as Gupta. 

1 1 Regarding claims 1 and 66, Gupta disclosed a method (See Gupta Fig. 1 Element 104, 



12 108 or 1 12), comprising the steps of: generating validity information for a packet (See Gupta 

13 Figs. 5-6 and Col. 6 Paragraphs 2-4), wherein the validity information comprises all necessary 

14 information required to perform a validity check of the packet (See Gupta Fig 7 and Col. 6 

15 Paragraph 5 - Col. 7 Paragraph 2); the validity information comprising algorithm information to 

16 be used for performing the validity check of the packet and no pre-established security 

17 association is needed to verify the packet (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); 

18 generating a packet header (302), comprising the validity information (See Gupta Fig. 3 and Col. 

19 6 Paragraphs 3-4) and comprising generating the algorithm information comprises generating of 

20 the algorithm information which comprises values to initialize an algorithm to be used to 

21 perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3-4, the data, the key 

22 index, the signature, or the fingerprint, for example); and sending the packet including the header 

23 from a first network node to a second network node (See Gupta Col. 6 Paragraph 4). 

24 Regarding claim 18, Gupta disclosed an apparatus comprising: validity information 
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1 generating means for generating validity information for a packet (See Gupta Figs. 5-6 and Col. 

2 6 Paragraphs 2-4); packet header generating means for generating a header for the packet, 

3 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and sending 

4 means for sending the packet including the header to a receiving network node (See Gupta Col. 6 

5 Paragraph 4), wherein the validity information comprises all necessary information required for 

6 performing a validity check of the packet and no pre-established security association is needed to 

7 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2) and the validity 

8 information comprises algorithm information to be used for performing the validity check of the 

9 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 

10 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

1 1 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example). 

12 Regarding claim 42, Gupta disclosed an apparatus, comprising: a validity information 

13 generator configured to generate validity information for a packet (Sec Gupta Figs. 5-6 and Col. 

14 6 Paragraphs 2-4); a packet header generator configured to generate a header for the packet, 

15 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and a 

16 transmitter configured to send the packet including the header to a receiving network node (See 

17 Gupta Col. 6 Paragraph 4), wherein the validity information comprises all necessary information 

1 8 required to perform a validity check of the packet and no pre-established security association is 

19 needed to verify the packet, and the validity information comprises algorithm information to be 

20 used to perform the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

21 Paragraph 2), wherein the algorithm information comprises values to initialize an algorithm to be 
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1 used to perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3-4, the data, the 

2 key index, the signature, or the fingerprint, for example). 

3 Regarding claim 55, Gupta disclosed an apparatus, comprising: a receiver configured to 

4 receive packets from a sending network node (See Gupta Fig. 1 Element 108, Fig. 7 and Col. 6 

5 Paragraph 5); and a checker configured to perform a validity check of a packet by referring to 

6 validity information contained in a header of the packet and no pre-established security 

7 association is needed to verify the packet (See Gupta Fig. 7 and Col. 7 Paragraph 2), wherein the 

8 validity information comprises all necessary information required to perform the validity check 

9 of the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

10 information comprises algorithm information to be used to perform the validity check of the 

1 1 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 

12 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

13 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example). 

14 Regarding claim 59, Gupta disclosed an apparatus, comprising: a transmitter configured 

15 to forward packets from a sending network node to a receiving network node (See Gupta Fig. 7 

16 and Col. 6 Paragraph 5); and a checker configured to perform a validity check of a packet by 

17 referring to validity information contained in a header of the packet (See Gupta Fig. 7 and Col. 7 

1 8 Paragraph 2), wherein the validity information comprises all necessary information required to 

19 perform a validity check of the packet and no pre-established security association is needed to 

20 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

21 information comprises algorithm information to be used to perform the validity check of the 

22 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 
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1 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

2 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example). 

3 Regarding claims 63 and 67, Gupta disclosed a method comprising: receiving packets 

4 (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2); and performing a validity check 

5 of a packet by referring to validity information contained in a header of the packet (See Gupta 

6 Fig. 7 and Col. 7 Paragraph 2), wherein the validity information comprises all necessary 

7 information required for performing the validity check of the packet and no pre-established 

8 security association is needed to verify the packet, the validity information comprising algorithm 

9 information to be used for performing the validity check of the packet (Sec Gupta Fig 7 and Col. 

10 6 Paragraph 3 - Col. 7 Paragraph 2), wherein the algorithm information comprises values to 

1 1 initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

12 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example). 

13 Regarding claims 64 and 68, Gupta disclosed a method comprising: forwarding received 

14 packets (Gupta Col. 7 Paragraph 2); and performing means for performing a validity check of a 

15 packet by referring to validity information contained in a header of the packet (Gupta Col. 7 

16 Paragraph 2), wherein the validity information comprises all necessary information required for 

17 performing a validity check of the packet and no pre-established security association is needed to 

1 8 verify the packet, the validity information comprising algorithm information to be used for 

19 performing the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

20 Paragraph 2), wherein the algorithm information comprises values to initialize an algorithm to be 

21 used to perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3-4, the data, the 

22 key index, the signature, or the fingerprint, for example). 
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1 Regarding claims 2, 43, 56 and 60, Gupta disclosed that the generating of the validity 

2 information comprises generating security information indicating security services applied to the 

3 packet (See Gupta Col. 5 Paragraph 7). 

4 Regarding claims 6, 45, 58, and 62, Gupta disclosed that the generating of the validity 

5 information comprises generating public key information of a sending node (See Gupta Col. 6 

6 Paragraphs 2-6, for example the public and private key pair, or the key index). 

7 Regarding claims 7, and 46 Gupta disclosed that the generating of the public key 

8 information comprises generating reference information related to how a public key can be 

9 obtained (See Gupta Col. 6 Paragraphs 3-4 and Col. 7 Paragraph 2). 

10 Regarding claims 8, and 47, Gupta disclosed that the generating of the reference 

1 1 information comprises generating an identity of an entity from which the public key can be 

12 obtained (See Gupta Col. 6 Paragraphs 3-4, Col. 7 Paragraph 2, and Col. 3 Line 64 - Col. 4 Line 

13 13, wherein the index is the identity, and the entry in the table is the entity). 

14 Regarding claims 9, and 48, Gupta disclosed that the generating of the reference 

15 information comprises generating a public key identifier for the public key (See Gupta Col. 6 

16 Paragraphs 3-4 and Col. 7 Paragraph 2, the key index). 

17 Regarding claim 10, and 49, Gupta disclosed that the generating of the public key 

18 information comprises generating the public key (See Gupta Col. 6 Paragraph 2). 

19 Regarding claim 15 and 54, Gupta disclosed signing the packet using a private key 

20 corresponding to a public key indicated by the validity information in the packet header in a 

21 sending network node (See Gupta Col. 6 Paragraph 4). 
22 
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1 Claim Rejections - 35 USC § 103 

2 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

3 obviousness rejections set forth in this Office action: 

4 A patent may not be obtained though the invention is not identically disclosed or 

5 described as set forth in section 102 of this title, if the differences between the subject matter 

6 sought to be patented and the prior art are such that the subject matter as a whole would have 

7 been obvious at the time the invention was made to a person having ordinary skill in the art to 

8 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

9 the invention was made. 
10 

11 Claims 4, 12-14, 44, 51-53, 57, and 61 are rejected under 35 U.S.C. 103(a) as being 

12 unpatentable over Gupta as applied to claims 1 , 1 8, 19, and 20 above, and further in view of 

13 Naudus (US Patent Number 6,202,08 1). 

14 Regarding claims 12-14, and 5 1-53, Gupta disclosed validation of packets, but failed to 

15 disclose that the step of generating the validity information comprises generating an information 

1 6 item for preventing replay attacks. 

17 Naudus teaches that in a packet filtering system, packets should include timestamps in 



1 8 order to prevent replay attacks. Naudus further teaches that "[r]eplay attacks occur when a 

19 malicious user gains access to a router or other network device on a computer network that is 

20 forwarding data packets. Legitimate data packets are intercepted and then re-sent at a later time 

21 to allow the malicious user to appear as a legitimate user. A firewall helps prevent replay attacks 

22 by checking a time-stamp in the data packet that prevents the data packets from being re-sent at a 

23 later time." (See Naudus Col. 2 Paragraph 4). 

24 It would have been obvious to the ordinary person skilled in the art at the time of 

25 invention to employ the teachings of Naudus in the packet validity checking system of Gupta by 
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1 including a timestamp in each packet and verifying the timestamp at the validity checker. This 

2 would have been obvious because the ordinary person skilled in the art would have been 

3 motivated to prevent replay attacks in the network. In this combination, the inclusion of a 

4 timestamp in each packet, in itself, is an indication of a procedure to be used for anti replay 

5 attacks. 

6 Regarding claims 4, 44, 57, and 61 , Gupta did not specifically teach that the step of 

7 generating the algorithm information comprises generating the algorithm information which 

8 indicates an algorithm to be used for performing the validity check of the packet. However, as 

9 taught by Naudus, in Col. 6 Line 60 - Col. 7 Line 7, it is well known to include in the packet 

10 header, an identification of which algorithm was used to sign the packet. As such, it would have 

1 1 been obvious to have included this information within the packet. Furthermore, the ordinary 

12 person skilled in the art at the time of invention would have recognized that this would allow for 

13 the user of a multiplicity of signature algorithms, as well as allowing updating of the signature 

14 algorithms in the future, and therefore it would have been obvious to have included an indication 

15 of the signature algorithm in the packet. 

16 Claims 11, and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gupta 

17 as applied to claims 6 and 23 above, and further in view of Nikander (US Patent Number 

18 7,155,500). 

19 Gupta disclosed including public key information within the packets, but failed to 

20 specifically disclose including the public key itself within the packets or that the step of 

21 generating the public key information comprises generating public key verification information 

22 indicating information in order to verify that the public key actually belongs to the sending node. 
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1 Gupta did disclose that the public and private key pairs can be generated and stored in a 

2 certification server (See Col. 4 Paragraph 2). 

3 Nikander teaches that by including a public key itself and the certificate of the public key, 

4 the receiving host can verify that the public key is truly owned by the sender (See Nikander Col. 

5 10 Line 50 -Col. 12 Line 9). 

6 It would have been obvious to the ordinary person skilled in the art at the time of 



7 invention to employ the teachings of Nikander in the packet verification system of Gupta by 

8 including the public key and public key certificate within each packet and verifying that the 

9 sender of each packet owned the public key used to sign the packet. This would have been 

10 obvious because the ordinary person skilled in the art would have been motivated to ensure that a 

1 1 malicious node was not claiming to be a different node. 



12 Conclusion 

13 Claims 1-2, 4, 6-15, 18, 42-64, and 66-68 have been rejected. 

14 THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 

15 policy as set forth in 37 CFR 1 .136(a). 

16 A shortened statutory period for reply to this final action is set to expire THREE 

17 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

1 8 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

19 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

20 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

21 CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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1 however, will the statutory period for reply expire later than SIX MONTHS from the mailing 

2 date of this final action. 

3 Any inquiry concerning this communication or earlier communications from the 

4 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

5 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

6 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

7 supervisor, William Korzuch can be reached on (571)272-7589. The fax phone number for the 

8 organization where this application or proceeding is assigned is 571-273-8300. 

9 Information regarding the status of an application may be obtained from the Patent 

10 Application Information Retrieval (PAIR) system. Status information for published applications 

1 1 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

12 applications is available through Private PAIR only. For more information about the PAIR 

13 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

14 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

15 like assistance from a USPTO Customer Service Representative or access to the automated 

1 6 information system, call 800-786-9 1 99 (IN USA OR CANADA) or 57 1 -272- 1 000. 
17 

18 

19 /Matthew T Henning/ 

20 Examiner, Art Unit 243 1 
21 



